The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. How you configure these rules and settings depends on whether the computers to which the GPO applies are running Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2, or are running an earlier version of the Windows operating system.

The GPOs for computers running Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 7, make a copy of it for Windows Server 2008 R2, and then follow the steps in this checklist to make the few required changes to the copy.

Task

Reference

Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended.

The GPOs for computers that run Windows Server 2003, Windows XP, and Windows 2000 are typically similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of it for the other operating systems. For example, create and configure the GPO for Windows XP, create a copy of it for Windows Server 2003, and then follow the steps in this checklist to make the few required changes to the copy.

Task

Reference

Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended.

Create the IPsec rules that combine the filter lists and filter actions. For the main zone in the isolated domain, you create rules that use the allow filter action with the exemption and ICMP filter lists and another rule that uses the request authentication filter action with the all IP traffic filter list.
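
The rule set described in the last task, sketched with `netsh ipsec static` on Windows Server 2003 as an added example that is not part of the original checklist. The policy, filter list, and filter action names are hypothetical, the exempted address 192.0.2.10 is a constructed placeholder, and the commands write to the local policy store rather than to a GPO.

```bat
rem Added example: main-zone IPsec policy for the isolated domain.
rem All names and the exempted address below are placeholders.

rem Policy container; left unassigned until it has been reviewed.
netsh ipsec static add policy name="Isolated Domain - Main Zone" assign=no

rem Filter list 1: exempted hosts that must be reachable without IPsec.
netsh ipsec static add filterlist name="Exemption List"
netsh ipsec static add filter filterlist="Exemption List" srcaddr=me dstaddr=192.0.2.10 protocol=ANY mirrored=yes

rem Filter list 2: ICMP in both directions.
netsh ipsec static add filterlist name="ICMP"
netsh ipsec static add filter filterlist="ICMP" srcaddr=me dstaddr=any protocol=ICMP mirrored=yes

rem Filter list 3: all other IP traffic.
netsh ipsec static add filterlist name="All IP Traffic"
netsh ipsec static add filter filterlist="All IP Traffic" srcaddr=me dstaddr=any protocol=ANY mirrored=yes

rem Filter action "allow": matching traffic passes without IPsec.
netsh ipsec static add filteraction name="Allow" action=permit

rem Filter action "request authentication": negotiate IPsec, but accept
rem unsecured inbound traffic (inpass) and fall back to clear text (soft)
rem when the peer does not respond to negotiation.
netsh ipsec static add filteraction name="Request Authentication" action=negotiate inpass=yes soft=yes

rem Rules: each one pairs a filter list with a filter action.
netsh ipsec static add rule name="Permit Exemptions" policy="Isolated Domain - Main Zone" filterlist="Exemption List" filteraction="Allow"
netsh ipsec static add rule name="Permit ICMP" policy="Isolated Domain - Main Zone" filterlist="ICMP" filteraction="Allow"
netsh ipsec static add rule name="Request Auth - All IP" policy="Isolated Domain - Main Zone" filterlist="All IP Traffic" filteraction="Request Authentication" kerberos=yes

rem Review the result before assigning the policy.
netsh ipsec static show policy name="Isolated Domain - Main Zone" level=verbose
```

Because the exemption and ICMP filters are more specific than the all IP traffic filter, they take precedence for the traffic they match, so exempted hosts and ICMP are never held up by IPsec negotiation.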